In recent weeks, some people have been shunned from the Null Byte community because they expressed "black hat" aspirations. This is because Null Byte is the "white hat" hacker training/playground. Although most of us think we know what that means, it does raise the question: "Who and what is a white hat hacker?"

There has been much discussion lately here on Null Byte about what it means to be a white hat hacker, and I'd like to take a moment to define what I see as white hat hacking. The symbolism, I think, is very clear. The GOOD guys wear white hats—and we are the good guys of hacking. That is much simpler to say than it is to define.

Hacking Is the Most Important Skillset of the 21st Century

Let's begin by emphasizing that I believe that hacking will be THE most important skill of the 21st century, for both good and ill. Some will use it to spy on us, some will use it to steal from us, and some will use it to fight us. Whatever it is used for, it will impact your life in significant ways!

That is probably the most important reason to study hacking. If it will impact your life on a daily basis in significant ways, you are likely to feel powerless as it overwhelms you. If you have significant hacking skills and experience, you will likely feel powerful as you will have the skills to defend and protect yourself and those around you.

Black Hats

It's pretty easy to define black hats. They are the people who steal from us and spy on us. Some do that WITHOUT being legally-sanctioned (cyber criminals) and some will do it WITH legal sanctions (national spy agencies and commercial data collectors).

White Hat Hackers Are Those That Are Legal?

Some people define a white hat hacker as someone who "hacks in legally prescribed ways." This would obviously include pentesting, legally-sanctioned espionage, and legally-sanctioned cyber warfare. In most cases, I would agree with that, but I would not want to be limited by that definition. I think white hat hacking can be defined much more broadly.

Mohandas Karamchand Gandhi on the Salt March (a non-cooperation movement).

Sometimes, the Law Is Wrong & Must Be Broken

I think it goes without saying that laws are made by the powerful, and those laws are designed to maintain their power. In some cases, the good guys must break laws for the greater good. No significant change takes place without someone breaking the law.

For instance, the founding fathers of the U.S. were considered traitors and guilty of treason by the British, and they would have been hanged if they had been caught or lost the War for Independence. Rosa Parks broke the law by refusing to give up her seat to a white person on a Montgomery, Alabama bus, an act that many mark as the beginning of the Civil Rights Movement for African-Americans in the U.S. Mahatma Gandhi broke many laws of the British colonialists to free his people from the yoke of British rule. Nelson Mandela broke the laws of the South African government and served 27 years in prison in order to free his nation from apartheid.

I would say that all of these people were the "good guys," but all of them broke laws that they thought were oppressive and unjust.

Hackers as Lawbreakers

The hacker group, Anonymous, has broken many laws. Some of their members are now serving prison terms as a result (most famously, Jeremy Hammond).

They supported WikiLeaks' attempt to show the world the unjust and inhumane crimes taking place in the Iraq War. That action was in violation of U.S. law. Anonymous is now attempting to neutralize ISIS recruiting efforts online, which many consider a good thing, but which would violate most cybersecurity laws around the world (denial of service attacks are illegal in most countries). Edward Snowden is in exile in Russia as a result of his efforts to reveal to the world the spying efforts of the NSA. His efforts have had an impact around the world, yet he is a wanted man in the States. Some leaders in the U.S. government consider his actions treason and want him to serve a long prison term. Is he a black hat because he broke the law, or is he a hero and white hat for exposing to the world the abuses of the NSA?

I think you can see that defining a white hat is not simple. If we only use the definition that a white hat only hacks legally, then it would miss some very important illegal activities that changed the world for the better. If we limit ourselves to defining the good guys as those who follow the laws, then George Washington, Mahatma Gandhi, Nelson Mandela, and Rosa Parks would all be considered black hats, while in reality, they are all the white hats (good guys).

Defining the White Hat Hacker

In my opinion, a white hat works for the greater good of society and the world. If you are in a country that restricts freedom of speech and expression, you are likely a white hat hacker if you use your skills to keep the internet free and open. If your country is threatened by a cyber attack from a belligerent country and you can use your skills to blunt or repel that attack, you are likely a white hat hacker. If your country is subject to an oppressive and authoritarian regime and you can use your hacking skills to alter that, you are likely a white hat hacker. Obviously, you would be using your hacking skills for the greater good in all of these cases.

In summary, I want to emphasize that white hat hackers, the kind we are here at Null Byte, are the good guys. We use our skills for the greater good of our people, our community, and the world. Sometimes those goals may clash with local laws, but WE ARE STILL WHITE HATS.

21 Comments

I still don't understand this White and Black Hat thing. (I mean, why do we need to justify ourselves!) Black Hat Hackers are criminals just like the other criminals. I believe we are Just Hackers! Nice Article Though!

I assume he might have combined White and Grey hats here. Since Grey hats are pretty much whites who are hacking to help in an illegal way. I'd support that though. A white hat is a white hat under the microscope, but what does one do behind the scenes? I can still do illegal ethical hacking, however no one would know it was me. You never know :P. Great article nevertheless.

I see your point, I did not mean to speak on your behalf, I might have misphrased that a bit. Apologies if I have. However, aren't Grey Hats simply white hats not obeying the law?

What I mean is, a White hat will ask for permission or get hired in order to hack. A Grey Hat will hack anonymously and illegally with no malicious intent however. On the other hand a Black Hat will hack for their own evil purposes.

Is that not correct? That's how I see it, pretty much like Phoenix said.

BlackHat: Hackers who engage in malicious/illegal activity for their own benefits, but might be at the harm of others

WhiteHats: Hackers/SecurityResearchers/PenTesters, hackers who get access/legalPermission from a web/program/companyOwner to test the security of their products/programs/etc. to find security flaws, report them to the owner, and suggest fixes to them

GrayHats: Hackers who break laws, but for a good purpose/cause. (I dunno how to put that in words, but dunno how to describe them without missing the mark...)

but then again, that's just my opinion. Others may have a different definition.

It's almost right, but I use an extra term 'hacktivist' to get 4 distinct classifications. Here they are:

Whitehat - Pentesters, who obtain authorization from the company to find security flaws and suggest fixing them.

Blackhat - Illegal & Malicious to the right/innocent

Grayhat - I'd call them 'unauthorized' pentesters, who find vulnerabilities without legal authorization.

Hacktivist - Hacker activists, who hack for a cause and won't mind breaking laws for that

People do not belong perfectly in 1 category, but actions do.

I consider the whole "hat" thing a bit superfluous. Indeed, I remember a tutorial on here about hacking your creepy neighbour's webcam that would not seem to fit into the "white hat" tag that NB has adopted; whatever the intention of the hacker the law would still have to be broken. As for people being shunned for expressing black hat aspirations - if anyone is dumb enough to discuss breaking the law on a public forum they should seriously reconsider their planned life of crime.

Do you know what the 'Black Hats' from Null Byte have done so they got kicked out of here?

That is interesting because I think I do wanna know how to do 'black hat' acts because now I consider myself as grey hat, I don't hack to make people feel bad, only to learn so I wanna know a lot of things related to the hacking subject :D

What about perspective? You don't train to be one or the other. Although, people assume that black hats "know more". Take for instance, if I walk down the street, see a bank and decide to hack them that night. The next day, the bank and the police consider me a blackhat - I broke into their stuff unsolicited. However, if I walk in the next day and turn over what I did, hand them a resume and 5 reasons they should hire me full-time, they might consider me a whitehat - I did not use the data for personal/financial gain. However, most might consider me to be a greyhat - doing blackhat things with whitehat intentions.